A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely. The term “cryptosystem” is shorthand for “cryptographic system” and refers to a computer system that employs cryptography, a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.
To help keep data secure, cryptosystems incorporate the algorithms for key generation, encryption and decryption techniques. At the heart of cryptographic operations is a cryptographic key, a string of bits used by a cryptographic algorithm to transform plain text into ciphertext or the reverse. The key is part of the variable data provided as input to a cryptographic algorithm to execute this sort of operation. The cryptographic scheme’s security depends on the security of the keys used.
Cryptosystems are used for sending messages in a secure manner over the internet, such as credit card information and other private data. In another application of cryptography, a system for secure electronic mail might include methods for digital signatures, cryptographic hash functions and key management techniques.
Components of cryptosystems
A basic cryptosystem includes the following components:
- Plaintext- This is the data that needs to be protected.
- Encryption algorithm- This is the mathematical algorithm that takes plaintext as the input and returns ciphertext. It also produces the unique encryption key for that text.
- Ciphertext- This is the encrypted, or unreadable, version of the plaintext.
- Decryption algorithm- This is the mathematical algorithm that takes ciphertext as the input and decodes it into plaintext. It also uses the unique decryption key for that text.
- Encryption key- This is the value known to the sender that is used to compute the ciphertext for the given plaintext.
- Decryption key- This is the value known to the receiver that is used to decode the given ciphertext into plaintext.
Types of cryptosystems
Cryptosystems are categorized by the method they use to encrypt data, either symmetrically or asymmetrically.
- symmetric key encryption is when the cryptosystem uses the same key for both encryption and decryption. In this method, keys are shared with both parties prior to transmission and are changed regularly to prevent any system attacks.
- Asymmetric key encryption is when the cryptosystem uses different keys for encryption and decryption. However, the keys are mathematically related. In this method, each party has their own pair of keys that is exchanged during transmission.
Cryptosystem attack examples
Modern cryptography has become highly complex, and because encryption is used to keep data secure, cryptographic systems are an attractive target for attackers. What is considered strong encryption today will likely not be sufficient a few years from now due to advances in CPU technologies and new attack techniques.
Common types of cryptographic attacks include the following:
- Brute force attacks attempt every possible combination for a key or password. Increasing key length boosts the time to perform a brute force attack because the number of potential keys rises.
- In a replay attack, the malicious individual intercepts an encrypted message between two parties (such as a request for authentication) and later “replays” the captured message to open a new session. Incorporating a time stamp and expiration period into each message can help eliminate this type of attack.
- In a man-in-the-middle (MitM) attack, a malicious individual sits between two communicating parties and intercepts communications (including the setup of the cryptographic session). The attacker responds to the originator’s initialization requests, sets up a secure session with the originator and then establishes a second secure session with the intended recipient using a different key and posing as the originator. The attacker has access to all traffic passing between the two parties.
- An implementation attack takes advantage of vulnerabilities in the implementation of a cryptosystem to exploit the software code, not just errors and flaws but the logic implementation to work the encryption system.
- A statistical attack exploits statistical weaknesses in a cryptosystem, such as floating-point errors. Another weakness that might lead to a statistical attack is the inability to produce truly random numbers. (Because software-based random number generators have a limited capacity, attackers could potentially predict encryption keys). Statistical attacks are aimed at finding vulnerabilities in the hardware or operating system hosting the cryptography application.
- A ciphertext-only attack is one of the most difficult types of cyber-attack to perpetrate because the attacker has very little information to begin with. For example, the attacker might start with some unintelligible data that he or she suspects may be an important encrypted message but then gather several pieces of ciphertext that can help him or her find trends or statistical data that would aid in an attack.
- In a known plaintext attack, an attacker who has a copy of both the encrypted message and the plaintext message used to generate the ciphertext may be able to break weaker codes. This type of attack is aimed at finding the link – the cryptographic key that was used to encrypt the message. Once the key is found, the attacker can then decrypt all messages that encrypted using that key.